Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/Qtc_zuFzRUz7J07L37X5qvUUnhs.roa
File:                     Qtc_zuFzRUz7J07L37X5qvUUnhs.roa (raw, json)
Hash identifier:          D6SdWG5JeosyZFAglIkmKFjIaBi039zmz2skeCVDiYg=
Subject key identifier:   42:D7:3F:CE:E1:73:45:4C:FB:27:4E:CB:DF:B5:F9:AA:F5:14:9E:1B
Certificate issuer:       /CN=f3461651e5be24509772975ba98c70ec6ee3cd7b
Certificate serial:       019B775880C941510FE0ACCD5FA3B201844B
Authority key identifier: F3:46:16:51:E5:BE:24:50:97:72:97:5B:A9:8C:70:EC:6E:E3:CD:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/80YWUeW-JFCXcpdbqYxw7G7jzXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/Qtc_zuFzRUz7J07L37X5qvUUnhs.roa
Signing time:             Thu 01 Jan 2026 02:17:27 +0000
ROA not before:           Thu 01 Jan 2026 02:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206002
IP address blocks:        185.140.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/80YWUeW-JFCXcpdbqYxw7G7jzXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/80YWUeW-JFCXcpdbqYxw7G7jzXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/80YWUeW-JFCXcpdbqYxw7G7jzXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:80:c9:41:51:0f:e0:ac:cd:5f:a3:b2:01:84:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3461651e5be24509772975ba98c70ec6ee3cd7b
        Validity
            Not Before: Jan  1 02:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=42d73fcee173454cfb274ecbdfb5f9aaf5149e1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:5e:db:d5:3a:c0:ac:99:45:87:3b:a0:71:6a:
                    fb:c7:91:2f:b2:40:1a:eb:1e:c6:a0:3e:05:a7:94:
                    a0:22:9b:bf:8b:5b:2a:79:bf:2a:fe:25:2b:eb:b7:
                    26:f1:09:9b:3c:7e:ca:db:2c:50:ad:a2:e5:1d:b6:
                    68:40:9f:77:49:4a:9e:66:09:21:d2:4f:c7:8a:fd:
                    49:f9:f3:44:e4:64:1d:13:ce:78:16:5a:6a:f6:bf:
                    5f:40:34:c1:1e:97:86:4d:00:79:75:e0:11:8b:8d:
                    5a:06:85:25:20:fe:96:e0:d2:9a:28:ec:c2:0f:85:
                    b4:77:50:26:2f:92:21:9b:05:c5:43:5f:c5:8d:74:
                    12:3a:53:9b:e3:11:50:40:29:55:26:f1:63:a3:eb:
                    8c:b8:c3:d7:be:1d:82:06:b3:5a:8f:1e:3b:38:24:
                    cd:88:f1:52:e1:60:95:ee:7d:c1:d8:0b:c1:8c:67:
                    37:ee:ec:82:4d:b2:2a:fd:1c:e4:4e:97:2e:ff:ad:
                    f1:1a:47:b0:a7:ae:c8:78:47:87:99:1c:e7:d3:d5:
                    0b:9f:84:0a:eb:dc:ae:51:c4:42:17:09:af:cd:e8:
                    57:a9:c7:e4:be:70:7a:20:9c:5a:cd:41:2c:d8:24:
                    64:bd:a7:d3:9b:da:8b:95:76:08:d7:fc:fe:67:85:
                    c3:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:D7:3F:CE:E1:73:45:4C:FB:27:4E:CB:DF:B5:F9:AA:F5:14:9E:1B
            X509v3 Authority Key Identifier:
                keyid:F3:46:16:51:E5:BE:24:50:97:72:97:5B:A9:8C:70:EC:6E:E3:CD:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/80YWUeW-JFCXcpdbqYxw7G7jzXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/Qtc_zuFzRUz7J07L37X5qvUUnhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/df206b-bdbb-4fe0-9f7b-c0ac4e9af3cb/1/80YWUeW-JFCXcpdbqYxw7G7jzXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:88:24:e5:d1:c8:75:01:83:81:bf:fa:40:d4:b7:09:86:42:
         a0:72:44:e3:19:21:5d:84:3e:d6:15:97:b8:34:de:90:de:03:
         36:af:b0:70:94:ff:46:82:ba:1e:59:2e:9c:0c:5d:5c:bb:7c:
         7b:18:6c:83:b2:fd:54:5a:2b:4e:dd:78:0e:a8:9b:47:c4:d4:
         66:f4:97:0c:f0:57:50:4b:63:51:e5:cb:7d:ad:23:bd:44:c5:
         61:5b:8a:50:d3:64:51:a0:45:fb:b0:df:3d:23:da:a3:ee:cf:
         d1:8d:2c:b8:35:c0:42:46:dc:91:0a:bf:36:9c:30:53:fb:2b:
         65:a0:31:eb:a0:c6:0f:64:86:9a:2c:3f:ea:0e:76:de:9f:0c:
         43:43:16:0f:98:27:67:ca:6f:32:0b:79:31:39:ef:c8:47:ef:
         0f:5c:0f:18:5a:3e:93:79:9f:7b:c6:a1:e4:f8:67:cf:28:3b:
         c5:b7:d1:00:44:f3:37:6a:e5:5d:dd:4d:2b:bf:ae:13:21:1e:
         dc:c7:f7:a2:d3:76:de:d0:3d:46:25:5b:da:97:7b:c5:08:43:
         22:e5:03:65:62:ba:d5:46:40:af:85:a6:b3:42:f9:6a:52:76:
         21:43:34:db:87:df:7f:98:03:af:04:6c:d7:5c:f4:ad:b6:ee:
         85:1e:c2:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WIDJQVEP4KzNX6OyAYRLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNDYxNjUxZTViZTI0NTA5NzcyOTc1YmE5OGM3MGVjNmVl
M2NkN2IwHhcNMjYwMTAxMDIxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmQ3M2ZjZWUxNzM0NTRjZmIyNzRlY2JkZmI1ZjlhYWY1MTQ5ZTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/V7b1TrArJlFhzugcWr7x5EvskAa
6x7GoD4Fp5SgIpu/i1sqeb8q/iUr67cm8QmbPH7K2yxQraLlHbZoQJ93SUqeZgkh
0k/Hiv1J+fNE5GQdE854Flpq9r9fQDTBHpeGTQB5deARi41aBoUlIP6W4NKaKOzC
D4W0d1AmL5IhmwXFQ1/FjXQSOlOb4xFQQClVJvFjo+uMuMPXvh2CBrNajx47OCTN
iPFS4WCV7n3B2AvBjGc37uyCTbIq/RzkTpcu/63xGkewp67IeEeHmRzn09ULn4QK
69yuUcRCFwmvzehXqcfkvnB6IJxazUEs2CRkvafTm9qLlXYI1/z+Z4XDWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFELXP87hc0VM+ydOy9+1+ar1FJ4bMB8GA1UdIwQY
MBaAFPNGFlHlviRQl3KXW6mMcOxu4817MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODBZV1VlVy1KRkNYY3BkYnFZeHc3RzdqelhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kZjIwNmItYmRiYi00ZmUwLTlmN2It
YzBhYzRlOWFmM2NiLzEvUXRjX3p1RnpSVXo3SjA3TDM3WDVxdlVVbmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kZjIwNmItYmRiYi00ZmUwLTlmN2ItYzBhYzRlOWFmM2Ni
LzEvODBZV1VlVy1KRkNYY3BkYnFZeHc3RzdqelhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYzdMA0G
CSqGSIb3DQEBCwUAA4IBAQAtiCTl0ch1AYOBv/pA1LcJhkKgckTjGSFdhD7WFZe4
NN6Q3gM2r7BwlP9GgroeWS6cDF1cu3x7GGyDsv1UWitO3XgOqJtHxNRm9JcM8FdQ
S2NR5ct9rSO9RMVhW4pQ02RRoEX7sN89I9qj7s/RjSy4NcBCRtyRCr82nDBT+ytl
oDHroMYPZIaaLD/qDnbenwxDQxYPmCdnym8yC3kxOe/IR+8PXA8YWj6TeZ97xqHk
+GfPKDvFt9EARPM3auVd3U0rv64TIR7cx/ei03be0D1GJVval3vFCEMi5QNlYrrV
RkCvhaazQvlqUnYhQzTbh99/mAOvBGzXXPSttu6FHsLi
-----END CERTIFICATE-----